So something as simple as only allowing IP traffic to
transit a VLAN...
Now if we have spanning-tree and ARP running on here
we would have to remember to permit those in the VACL
as well.
Is there a DocCD ref or something that may help out with
this configuration, or are we just supposed to memorize
it?
Maybe we could just apply what we know and then debug
the VACL?
ie)
! All IP traffic
ip access-list extended IPONLY
 permit ip any any
! ARP (ethertype 0x806)
mac access-list extended IP_ARP
 permit any any 0x806 0x0
! PVST+ BPDUs (LSAP 0xaaaa)
mac access-list extended PVSTPLUS_STP
 permit any any lsap 0xaaaa 0x0
!
vlan access-map IPONLY 10
 action forward
 match ip address IPONLY
vlan access-map IPONLY 20
 action forward
 match mac address IP_ARP
vlan access-map IPONLY 30
 action forward
 match mac address PVSTPLUS_STP
! No match clause: drops everything not forwarded above
vlan access-map IPONLY 40
 action drop
!
vlan filter IPONLY vlan-list 100